[FREEBSD:B3FCB387-DE4B-11E2-B1C6-0025905A4771] mozilla -- multiple vulnerabilities
Severity
High
Affected Packages
6
CVEs
17
The Mozilla Project reports:
Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
Title: Memory corruption found using Address Sanitizer
Privileged content access and execution via XBL
Arbitrary code execution within Profiler
Execution of unmapped memory through onreadystatechange
Data in the body of XHR HEAD requests leads to CSRF attacks
SVG filters can lead to information disclosure
PreserveWrapper has inconsistent behavior
Sandbox restrictions not applied to nested frame elements
X-Frame-Options ignored when using server push with multi-part
responses
XrayWrappers can be bypassed to run user defined methods in a
privileged context
getUserMedia permission dialog incorrectly displays location
Homograph domain spoofing in .com, .net and .name
Inaccessible updater can lead to local privilege escalation
| Package | Affected Version |
|---|---|
 pkg:freebsd/thunderbird
|
> 11.0, < 17.0.7 |
|
pkg:freebsd/seamonkey
|
< 2.19 |
|
pkg:freebsd/linux-thunderbird
|
< 17.0.7 |
|
pkg:freebsd/linux-seamonkey
|
< 2.19 |
|
pkg:freebsd/linux-firefox
|
< 17.0.7,1 |
|
pkg:freebsd/firefox
|
> 18.0,1, < 22.0,1 |
- ID
- FREEBSD:B3FCB387-DE4B-11E2-B1C6-0025905A4771
- Severity
- high
- Severity from
- CVE-2013-1682
- URL
- http://vuxml.freebsd.org/freebsd/b3fcb387-de4b-11e2-b1c6-0025905a4771.html
- Published
-
2013-06-25T00:00:00
(11 years ago) - Modified
-
2013-06-26T00:00:00
(11 years ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
CISA-2022:0328
DSA-2716-1
ELSA-2013-0981
GLSA-201309-23
RHSA-2013:0981
USN-1890-1| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:freebsd/thunderbird |
thunderbird
|
> 11.0 < 17.0.7 | ||||
| Affected | pkg:freebsd/seamonkey |
seamonkey
|
< 2.19 | ||||
| Affected | pkg:freebsd/linux-thunderbird |
linux-thunderbird
|
< 17.0.7 | ||||
| Affected | pkg:freebsd/linux-seamonkey |
linux-seamonkey
|
< 2.19 | ||||
| Affected | pkg:freebsd/linux-firefox |
linux-firefox
|
< 17.0.7,1 | ||||
| Affected | pkg:freebsd/firefox |
firefox
|
> 18.0,1 < 22.0,1 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |